Technology Guidelines for International Travel

When traveling internationally, it is crucial to ensure the security of your devices and data. This comprehensive guide provides essential guidelines to help you protect your information before, during, and after your trip. By following these best practices, you can minimize the risk of cyber threats and maintain the integrity of your personal and professional data. Whether it's avoiding public Wi-Fi, using secure connections, or planning for multi-factor authentication, these steps will help you stay safe and secure while abroad. 

Before Your Trip

  • Plan for Multi-Factor Authentication (MFA): Download and register the Microsoft Authenticator App to secure your university account. Alternatively, you can request a temporary hardware token from the Office of Information Security.
    • Requesting a Token: Employees can request temporary hardware tokens from the Office of Information Security. This token will be used for two-step login without the need for a cell or data service.
  • Check for Restrictions: Research any advisories, sanctions, or local laws in your destination country that may affect accessing your university account. This will help you avoid any legal issues while traveling.
  • Minimize Devices and Data: Leave unnecessary devices and sensitive information at home. This reduces the risk of data breaches and makes your travel experience smoother.
  • Travel with a Clean laptop: If you need to take a laptop or device, consider whether you need to store any data on it. If not, you can use the university’s VPN, SharePoint, OneDrive, Outlook, and Microsoft Office 365 applications via the web.
    • This minimizes data on your local device and eliminates the need for your specific device.
    • We recommend checking out a loaner laptop from GOVSTECH, which can provide a freshly built, encrypted device free of data. However, be prepared to provide access to the device as required by the laws of the country you are visiting, even if there is no data on it.
    •  All loaner laptop requests must be submitted through the GOVSTECH service portal within five business days before the travel date. Here is the link to the service request Loaner Laptop Request.
    • It is advised not to take encrypted devices to high-risk countries such as China, Iran, North Korea, and Russia. If you must take a device to these countries, this will require additional time and approvals from IT security.
  • Business Cards: Bring business cards with contact information for interested parties. This provides a professional way to share details without relying on electronic devices.
  • Cellphones and Mobile Devices Tips:
  • Consider Non-Smartphones: Using a non-smartphone for calls can help you avoid being a high-value target for theft or surveillance. Non-smartphones are less likely to attract attention and are generally more secure for basic communication.
  • Backup and Reset Devices: Before you travel, backup all critical data from your device to a secure location. Then, reset your device to factory settings to ensure no sensitive information is stored during your trip.
  • Limit Data: Remove any email accounts and limit the synced data on your device. This reduces the risk of unauthorized access to your personal or professional information.
  • Use Strong Passcodes: Protect your devices with unique passcodes to prevent unauthorized access. Avoid using easily guessable codes like birthdays or simple sequences.
  • Disable Bluetooth and Wi-Fi: Disable Bluetooth and Wi-Fi features unless you actively use them. This minimizes the risk of your device being compromised by hackers using sniffing technologies on wireless connections.

During Your Trip

  • Assume Monitoring: Always assume that your device activities are being monitored. Adjust your actions accordingly to avoid sharing sensitive information.
  • Be Aware of Surroundings: Be cautious of people around you when entering passwords. Shield your screen and keyboard to prevent others from seeing your credentials.
  • Use MFA Offline: Use the Microsoft Authenticator app or a temporary hardware token for offline multi-factor authentication (MFA). This ensures secure access even without an internet connection on your device being used for MFA.
  • Use Secure Connections: Only secure internet connections, preferably cellular networks. Utilize APSU's VPN or VDI environment to access university resources safely.
  • Avoid Public Networks: Do not use free wireless connections or public computers for sensitive data. These networks are often insecure and can expose your information to unauthorized access.
  • Turn off Wireless and Bluetooth: Disable wireless and Bluetooth features when unused. This reduces the risk of unauthorized connections and potential data breaches.
  • Avoid Software Updates on Public Wi-Fi: Do not download or install hotel or public Wi-Fi updates. These networks can be compromised, making your device vulnerable during updates.
  • Report IT Security Incidents: If your device is lost or stolen, complete this incident form Potential Security Issue and change your passwords immediately. Prompt action can help protect your accounts and data from unauthorized access.
  • Secure Your Devices: Keep devices with you or locked in a hotel safe. Avoid using obvious laptop bags that can attract attention.
  • Use Private Browsing: Switch to a private browsing tab or window when using your browser. This helps protect your privacy by not storing browsing history or cookies.
  • Avoid Public Charging Stations: Use your charger and avoid public USB charging stations. Public charging stations can be compromised and may transfer malware to your device.
  • Power Off Devices: Turn off devices when not in use. This helps conserve battery life and reduces the risk of unauthorized access.
  • Keep Devices Secure: Keep your devices with you at all times. If they are taken out of sight, consider them compromised and take appropriate security measures.

 

After Your Trip

  • Return Borrowed Equipment: Return any loaner laptops or hardware MFA tokens to IT Security after your trip. This ensures that the equipment can be checked appropriately, sanitized, and made available to other users.
  • Change Passwords: Immediately upon returning, change your APSU and other account passwords. This helps protect your accounts from any potential security breaches that may have occurred while you were traveling.
  • Backup Data: Backup any new data you acquired during your trip to a secure location. This ensures that your important information is safely stored and can be accessed.

Additional International Travel Tips for Researchers

Cloud Storage: We recommend that employees ONLY use university-authorized cloud storage when traveling abroad. Here is why:

  • Data Security: University-approved cloud services provide encryption and security measures that protect sensitive academic and research data from unauthorized access or cyber threats.
  •  Access & Support: Approved cloud services ensure reliable access to files from anywhere in the world. They also come with institutional IT support, reducing the risk of losing access due to unexpected restrictions or outages.
  •  Avoiding Data Breaches: Public or unverified cloud services can pose risks, such as data leaks or unintentional exposure to third parties. University-authorized storage ensures that data remains within protected environments.
  • Do Not Exchange Controlled Information: Avoid exchanging controlled information via phone, fax, or email during your trip. This helps protect sensitive data and ensures compliance with export control regulations.

By following these guidelines, you can help ensure the security of your devices and data while traveling.

 

Print Article